pfBlockerNG not blocking ADs
-
I'm still new to this and want to make sure I understand how this works and what I'm doing wrong. I'm running pfSense 24.11. I've got pfBlockerNG 3.2.0_16 installed. At one point, I did have 3.2.1_20 (or similar) installed. Netgate support had me go back to the currently installed version.
It appears a few things have changed.
ADs are coming through.
I also have this error:
[ pfB_PRI3_v4 - MaxMind_BD_Proxy_v4 ] Download FAIL
DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.
The Following List has been REMOVED [ MaxMind_BD_Proxy_v4 ]
How do I stop the ADs and what packages should I change to or add? I just want to make things a bit better!!
-
@wc2l said in pfBlockerNG not blocking ADs:
It appears a few things have changed.
That's very vague. Can you give details ?
@wc2l said in pfBlockerNG not blocking ADs:
ADs are coming through
What ? Just don't go back to that site and issue solved.
.. ok, sorry.
Couldn't this be explained by the simple fact that you visited a web site, and it has a new contract with another market content manager (the one that filled your pages with publicity) and this new content manager uses IPs that are not known to anybody, so can't be listed by any pfBlockerNG ?
Do you know what pfBlockerNG does ?
It gets files from 'places', and these files are filled with lines like this :
Who put these (can you see them ?) host names in this file ? The people that 'work for' the StevenBlack DNSBL AD list. And this could be you, me, and whoever wants to signal a host name to somebody so they get listed on some so-called DNSBL feed like the "Steven ADs" list.
These host name (URL) lists are made available to the pfSense resolver.
Let's get an example : You see www.marrketstrategy.com ?
Let's test :
PS C:\Users\Gauche> nslookup www.marrketstrategy.com
Serveur : pfSense.bhf.tld.net
Address: 2a01:cb19:907:dead:beef:77ff:fe29:392c
Réponse ne faisant pas autorité :
Nom : www.marrketstrategy.com
Address: 0.0.0.0
The answer is 0.0.0.0 so the browser now knows : don't even bother asking IP 0.0.0.0 as 0.0.0.0 is a 'know known' address.
You see ? No rocket science, this is how ad servers are blocked : a URL is found on a web page, so your browser goes out looking for it. The browser can't work with host names, so it will have it resolved (== DNS) first.
And resolving happens on pfSense, which, as we saw, produces a nice 0.0.0.0 as the ad server domain name was listed on a DNSBL you put into pfBlockerNG (who put it into the resolver).
Now for IP lists, which look like (part of the BBCaN77 IP list) this :
isn't really different.
These are IP addresses, so they are all together (with other IP lists) stashed into one big firewall alias, and then used as a floating rule, so my local network devices can't connect to these IPs anymore.
Example : see the list, and find the first IP 91.121.162.48.
When I use that IP in a browser (so I will use port 443 on that IP), my browser will error out.
I could also try Telnet, SSH, POP, IMAP, etc etc etc ports. They will all time out, as I can't reach this 91.121.162.48 anymore.
The only action I can see is this :
As you can see, the hit counter goes up, as I was trying to access (== outbound direction) this IP. So me trying to access that IP, my traffic never even reached the pfSense WAN interface.
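Added example, not part of the thread and not pfBlockerNG's own code: a small Python check that follows the reply's explanation, parsing a hosts-format feed and comparing it with what the resolver answered, to tell apart "host is not on any list" from "host is listed but the client still got a real address". The feed contents, `ADS.example.net`, `new-ads.example.org`, the function names and the exact-name matching are assumptions made for illustration.

```python
# Constructed sample in the hosts format DNSBL feeds use (not a real feed).
SAMPLE_FEED = """\
# constructed sample feed
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 www.marrketstrategy.com
0.0.0.0 ADS.example.net   # trailing comment
"""

FEED_ADDRESSES = {"0.0.0.0", "127.0.0.1"}   # first column of a hosts-format entry
SELF_NAMES = {"localhost", "0.0.0.0"}       # housekeeping entries, not ad hosts


def parse_hosts_feed(text):
    """Return the set of host names a hosts-format feed lists for blocking."""
    listed = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or fields[0] not in FEED_ADDRESSES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in SELF_NAMES:
                listed.add(name)
    return listed


def diagnose(hostname, listed, answers, sinkholes=("0.0.0.0",)):
    """Classify one host name from the feed contents and the resolver's answer.

    answers: addresses the client got back, e.g. copied from nslookup output.
    sinkholes: what the resolver answers for a blocked name (0.0.0.0 in the
    thread; assumption: pass your own value if your setup answers differently).
    """
    on_list = hostname.lower().rstrip(".") in listed
    sunk = bool(answers) and all(a in sinkholes for a in answers)
    if sunk:
        return "blocked" if on_list else "blocked-by-another-list"
    if on_list:
        # The feed has the name, yet a real address came back: for example
        # the client asked a different resolver than pfSense.
        return "listed-but-resolving"
    return "not-listed"   # no feed knows this host yet, so the ad loads


if __name__ == "__main__":
    feed = parse_hosts_feed(SAMPLE_FEED)
    print(diagnose("www.marrketstrategy.com", feed, ["0.0.0.0"]))
    print(diagnose("new-ads.example.org", feed, ["203.0.113.7"]))
```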